The Wire Data App for ExtraHop imports real-time network, web services, database, storage, and memcache metrics into Splunk that are otherwise difficult or impossible to log. To work, this app requires an ExtraHop appliance.
The ExtraHop platform is the most scalable and functional solution for real-time transaction analysis. ExtraHop gathers data passively by observing communication on the wire in cases where logs are sparse or not readily available, such as in mainframes. With this app, ExtraHop users can send policy-based events to Splunk, including consistently formatted logs across systems from different vendors, high-priority anomalies, and correlated cross-tier events.
The ExtraHop platform is a physical or virtual appliance that analyzes network traffic and extracts network, web, VDI, database, and storage performance metrics at speeds of up to 20Gbps. ExtraHop can send real-time events into Splunk based on the result of over-the-wire, L2-L7 packet analysis. ExtraHop complements Splunk in several ways for real-time IT operations analytics:
- ExtraHop gathers wire data passively by observing communication on the network in cases where logs are sparse or not readily available, such as in mainframes.
- ExtraHop augments Splunk host-based analysis with consistently formatted logs across systems from different vendors, high-priority anomalies, and correlated cross-tier events.
- Splunk's Big Data capabilities serve as a platform for long-term trending of ExtraHop metrics.
This sample application demonstrates integration for several key protocols, such as HTTP, database, memcache, and CIFS storage. Additional protocols such as NFS, DNS, and others are available for integration.
This app requires Splunk software to be installed on your system first. You will also need an ExtraHop appliance installed along with the "ExtraHop Splunk Bundle" containing the appropriate triggers and rsyslog connector configurations. More information is available on the ExtraHop customer forum: <https://forum.extrahop.com/question/75/extrahop-splunk-bundle>
Web Metrics - Responses over time, average transaction response times, top status codes, web traffic throughput.
Web Services Metrics - Events over time, top active account numbers, top active users, and other customizable metrics such as duplicate order IDs.
Database Metrics - Responses over time, average transaction response times, errors, top methods, top users, and more.
Storage Metrics - Responses over time, average transaction response times, errors, top methods, top users, and more.
Memcache Metrics - Transactions over time, average access time, errors, message sizes, top response codes, top methods.